Digital rights management (DRM) is well known for protection of digital content, for instance including but not limited to audio and/or video data, in a playback device such as a computer or computing device or audio or video media player. The protection of digital content transferred between computers over a network and transferred from a computer or other host device or a server to an associated playback device is important for many organizations. The DRM process often involves encrypting the pieces of content (e.g., encrypting the binary form of the content) to restrict usage to those who have been granted a right to the content, which is for instance pieces of music or video programs.
Cryptography is the traditional protection method, but for many digital file transfer situations, a party that legitimately receives the content might try to break the DRM protection scheme, so as to give illicit access to third parties. Hence, an identified weak link in the DRM security is in the overall process, rather than the encryption of the content.
Moreover in this field generally and more generally in the computer field, the well known client-server computing architecture separates a client from a server and is generally implemented over a computer network, such as the Internet. Each client or server connected to a network is also referred to as a node. The basic type of client-server architecture employs two types of nodes, which are respectively clients and servers. This architecture allows computing devices to share files and resources. Each instance of the client software can send data requests to one or more connected servers. In turn, the servers accept those requests, process them, and return the requested information to the client. Clients may be web browsers, although this is not limiting. Servers typically include web servers, database servers, and email servers. The interaction between client and server is conventionally described using sequence diagrams.
The client-server architecture enables the roles and responsibilities of the computing system to be distributed among several independent computing platforms which are coupled only through the network. Note that the terms “client” and “server” as used here generally refer to software entities, which are executed respectively on client platforms or devices and server platforms or devices, which are the physical computers. Typically data is stored at a head end on the server or servers, which generally in the field have greater security controls than do the clients. That is, typically the servers are maintained by some sort of parent organization and are in a secure area physically and allow only very limited access by members of the public who typically control the client platforms. In general in the field it is believed that servers can better control access and resources, so as to guarantee that only those clients with the appropriate permissions may access and change data. Since thereby in field generally, data storage is centralized, updates to that data are easier to administer than would be the case under a peer-to-peer (non-client server) architecture.
Moreover in general, it is well known that the client-server architecture is subject to security deficiencies in terms of user and other data being obtainable illegitimately by hackers. This also pertains to video content being obtained illegitimately by hackers. Note that generally in the field, security breaches tend to focus on the server, which typically stores large amounts of information and also user information. Hence most work in the field is focused on security weaknesses in the server to prevent penetrations by hackers.
Further see patent publication US2009/0037725A1 commonly owned, published Feb. 5, 2009 and entitled “Client-Server Opaque Token Passing Apparatus and Method” incorporated herein by reference in its entirety, where a client-server architecture is provided where in order to enhance security, the bulk of the security verification activity takes place at the client rather than the server. In that patent application, this is accomplished by using a token passing scheme.